Choose your NetScaler … wisely

I spend a lot of my time breaking down the different models of Citrix NetScaler appliances and different Software Editions within the Citrix NetScaler portfolio.

I decided to set up a blog about this since the path is usually pretty much (lengthy but) the same. This does not mean the answer is always easy because there are a lot of questions that need to be answered.

The first thing I would like to get off my chest is the following: Stop seeing/selling the Citrix NetScaler as a replacement for Secure Gateway. It is so much more than that. I often have discussions with various engineers and consultants telling me that Citrix NetScaler is so expensive for a Remote Access solution because Secure Gateway always used to be free. No offense but a Citrix NetScaler solution belongs to the networking department, not the Citrix XenApp sys admin department. Or maybe limited.

Read more of this post


Creating user customizable announcements for NetScaler Access Gateway

A customer would like to designate a number of people for customizing announcements on the Access Gateway Enterprise page.  This way the organization can announce important changes, planned downtime or other announcements. The advantage of this is that a network engineer does not need to be bothered for displaying all sorts of messages on the Access Gateway by fiddling with the files on the appliances.


Read more of this post

[BUG] ERROR: Feature(s) not licensed [AAA]

This week I was implementing a pair of Citrix NetScaler Standard Edition appliances, mostly to be used for Access Gateway features. As always I started of with the latest Citrix NetScaler firmware which is 73.5 as of this writing. I was configuring Pre-Authentication Policies within GUI, later on I was testing HA failover and noticed that the Pre-Authentication policies were missing after doing a HA Failover.


Read more of this post

To EPA or not to EPA …

For anyone who has not worked with NetScaler Gateway Endpoint Protection Analysis before. It is pre-check before the user get to see the Gateway Logon page it has to comply certain rules that we have programmed the Gateway with. Sometimes I here people say that there is no future for EPA, but I would like to show a use-case which still is actively deployed using NetScaler Gateway and EPA’s.

This feature was already present with the Citrix Access Gateway Advanced using Citrix Advanced Access Control Option Server, yes did it! :-).

What it does is that upon client request it will launch a small piece of Citrix client software to check if the client meets our requirements for connecting. This is triggered by using an ActiveX component within Internet Explorer of Firefox. If the software is not installed it will prompt the user to do so.

Read more of this post

[BUG] Citrix (Branch) Repeater reboots spontaneously

Deployed the newest Citrix Repeater firmware on to two Citrix Repeater 8540 series. Only one appliance gave the error statement “Internal consistency checking has detected an unexpected restart (1)” and initiated a dump. Transferred the diagnostic files to Citrix Support where they were analyzed which confirmed a bug (BUG0354515).


It seems to be caused by a uninitialized variable during Auto App Discovery within ICA.

In all honesty it happened only once, so I still mark the event as an incident. Citrix has confirmed the bug (BUG0354515) and it will be fixed in the next minor ( or major (7.x) software release (they are not yet sure).


Update: Citrix Support has indicated that the bug will be fixed in release 6.2.1.

Performance degrades when enabling Citrix (Branch) Repeater Traffic Acceleration

An interesting problem where a customer has a PoC environment to see if Citrix Repeaters would add value to the Citrix XenApp/XenDesktop implementation over a WAN connection with the help of a Citrix Repeaters 8540 on each end.

Whenever the Traffic Acceleration mode was enabled performance of the XenApp/XenDesktop connection was worse then having Traffic Acceleration disabled. Movies would play frame by frame, it would take ages to move a AutoCAD object from A to B within a drawing.

The ‘receiving’ Citrix Repeater’s Log mentioned Fragmented IP Packets are being received.

Read more of this post

Contributing to Citrix Education

Last week I was off to Citrix Systems, Santa Clara for attending the next Citrix NetScaler-based CCA exams IDW (Item Development Workshop). An IDW is a workshop that lasts about a week in which you and others will create exam questions (or items) that will appear on the next (or revised) Citrix exam(s). In this particular IDW we are concentrating on the follow-up exams of the old Citrix NetScaler 1Y0-A11 and Citrix Access Gateway Enterprise 1Y0-A13 which are based on the Citrix NetScaler 9 software version.

Citrix NetScaler IDW 2012-01

Unfortunately we forgot to take a picture of all the participants together, so to name a few: from left to right: Lourdes Soler (Citrix), Henny Louwers, Stuart Souter, Alejandra Garcia (Citrix), Craig Pickford and Robert Zehnder.

Read more of this post

“Your PC ran into a problem and needs to restart” (Installing Windows Server 2012 on VMware ESXi 5.0)

Preparing somewhat for the upcoming Microsoft Beta Exams (071-413, 071-414, 071-415 and 071-416) thinking I would go ahead and install Microsoft Windows Server 2012 into my testing environment which is VMWare ESXi (at the moment). I created a custom VM, removed the Floppy drive (because that seemed to be the issue not getting Windows 8 working within VMware Workstation 8). I did do some other standard stuff like selecting Windows Server 2008 (64-bit) instead of Windows Server 2008 R2 (That seemed part of the solution on Workstation). All this to no avail on VMWare ESXi 5.0.

The resolution for me was to patch the VMware ESXi 5.0 server to Build 768111 which is up to 5.0.0 Patch 7.

I like the new fun error message though … Hope it will last beyond RC level, Microsoft should do more fun stuff like this, and I don’t mean more error messages Winking smile.


Installing Citrix NetScaler VPX into VMware Workstation

I hope I don’t need to explain that this is for testing/evaluating purposes only and is not at all supported by Citrix in any way.  The reason for me to create this how-to is because I am stumbling on a lot of forum posts asking if is at all possible to install Citrix NetScaler VPX into VMware Workstation and if it passes traffic when it is installed within VMware Workstation. Well, I’m doing this all the time for testing purposes with every new version of Citrix NetScaler VPX that comes out.

In this guide I will only show how to get a working Citrix NetScaler VPX into VMware Workstation VM.

Materials used for this:
– Citrix NetScaler VPX for ESX 10 Build 54.6 (link);
– VMware OVF Tool 2.1.0 (link);
– VMware Workstation 8;
– WinRAR.

Read more of this post

Citrix NetScaler 10: Apply Citrix Receiver Theme

You may have noticed in the Release Notes of Citrix NetScaler 10 that is possible to apply the new Citrix Receiver theme to the Access Gateway Enterprise logon page.

As per the Release notes:

Apply the Citrix Receiver theme to the logon page
You can use the command line to overwrite the original Access Gateway logon page with the Citrix Receiver theme

Only the how is nowhere to be found in the Citrix documentation. Update: the official Citrix product documentation on how to apply the Citrix Receiver theme to Citrix Access Gateway Enterprise 10 can be found here:
So, although the explanation below will work, I’d have to recommend using Citrix product documentation.

Well, Jarian Gibson found out how (So no credit for me), you can also go tot the forum post, it is the same task sequence.

Read more of this post